File _patchinfo of Package patchinfo.31637
<patchinfo incident="31637">
  <issue tracker="bnc" id="1214327">VUL-0: CVE-2023-37369: qt3,libqt5-qtbase,qt6-base,libqt4: buffer overflow in QXmlStreamReader</issue>
  <issue tracker="bnc" id="1222120">VUL-0: CVE-2023-45935: libqt4,libqt5-qtbase,qt3,qt6-base: NULL pointer dereference via QXcbConnection::initializeAllAtoms()</issue>
  <issue tracker="bnc" id="1227426">VUL-0: CVE-2024-39936: libqt4,libqt5-qtbase,qt3,qt6-base: delay any HTTP2 communication until encrypted() can be responded to</issue>
  <issue tracker="bnc" id="1227513">libQt5Sql5-unixODBC regression</issue>
  <issue tracker="bnc" id="1218413">VUL-0: CVE-2023-51714: libqt4,libqt5-qtbase,qt3,qt6-base: incorrect integer overflow check</issue>
  <issue tracker="cve" id="2023-37369"/>
  <issue tracker="cve" id="2023-45935"/>
  <issue tracker="cve" id="2024-39936"/>
  <issue tracker="cve" id="2023-51714"/>
  <issue tracker="jsc" id="PED-6193"/>
  <packager>alarrosa</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libqt5-qtbase</summary>
  <description>This update for libqt5-qtbase fixes the following issues:

- CVE-2023-37369: Fixed a buffer overflow in QXmlStreamReader (QTBUG-91889, bsc#1214327).
- CVE-2023-45935: Fixed a NULL pointer dereference in QXcbConnection::initializeAllAtoms() due to anomalous behavior from the X server (bsc#1222120).
- CVE-2024-39936: Fixed information leakage due to processing HTTP2 communication before encrypted() can be responded to (bsc#1227426).
- CVE-2023-51714: Fixed an incorrect integer overflow check (bsc#1218413).

Other fixes:

- Add patch from upstream to fix a regression in the ODBC driver (bsc#1227513, QTBUG-112375).
- Add upstream patch to fix a potential overflow in assemble_hpack_block().
- Use pkgconfig(icu-i18n) to select current icu.
</description>
</patchinfo>